If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

ATTENTION: Windows 10 users

Beta 2 build is now available!

If you just upgraded to Windows 10 or running build 10240 or greater of Win 10 pre-release you will need to download and install the new version of ZoneAlarm 14.0.157.000

Blocking non North American websites to increase security.

Hi!

Most dangerous websites are located outside of North America. Specifically, I would like to block all Asia or Eastern Europe sites.
In ZA's firewall, I would like to modify the Internet zone to only include IP address blocks from US and Canada,
and then add all remaining ranges to the BLOCKED zone. An alternate way to do this would be to create an expert firewall rule.

This would effectively block all non US/Canada websites - which would increase security.

Does anyone know the IP address ranges that are allocated to the countries of USA and Canada?

Or, perhpas, is there a way in ZA to block domains - like all websites that end in &quot;.ru&quot; (Russia domain)?

Re: Blocking non North American websites to increase security.

"Most dangerous websites are located outside of North America. Specifically, I would like to block all Asia or Eastern Europe sites.
In ZA's firewall, I would like to modify the Internet zone to only include IP address blocks from US and Canada,
and then add all remaining ranges to the BLOCKED zone. An alternate way to do this would be to create an expert firewall rule."

Cannot be done in the ZA. Firewalls were never intended to be used as dedicated IP blockers - software firewalls control the ports, protcols and IP connections along witj application control.
The number of rules would reach phenominal proportions - you would end up with literally thousands of expert rules. The firewall would then take forever to load on startup anc connections would take forever even if they did not just time out.
This would happen to any firewall, not just the ZA.

Actually Japan and Korea are relatively safe (safer than the US for instance).
Some eastern european countries are realtively safe - checzk, slovack, etc are okay.
Some of the .nz and .au falls under the asian-pacific network.

I have used maybe 5 or 6 hundred blocks in the Zones of the ZA's firewall and that went successfully, but still only a drop in the bucket of just a few IPs when considering there are almost 5 billion IPs available. Each of those IPs are capable of 254 urls, so the number even goes higherfor just urls.

"This would effectively block all non US/Canada websites - which would increase security.

Does anyone know the IP address ranges that are allocated to the countries of USA and Canada?"

Additionally not just the N Amercian servers are involved with the N American connections - many other countries are involved to some degree - both good and bad sites. There can be rmaifications if this is not done properly.

Okay to give you and idea, here is a site with the latest list for the United States and Canada"

But keep in mind this probably still includes undesireable site/IPs; for examples... 180 solutions came from and still maintains many servers in Canada. Webair in the US has bad prono sites that can infect. Numerous troyan/mlaware sites are in both Canada and the US Spam servers would still be included. The list of bad sites would go on and on.
Even unwanted sites that are not neccessarily malicious would still be included... DoD, or GE or even banner ads (possible malware) or flash (possible malware)
So security would still not be increased.

"Or, perhaps, is there a way in ZA to block domains - like all websites that end in ".ru" (Russia domain)?"

Not all Russian sites end with .ru, as many end with .com, .net, etc. So do most of the eastern european countries such as Romainia not ending with just .ro In fact many of those foreign sites are written in excellent English and end with .com/.net/etc, thus making it difficult to tell if these are overseas sites or not. I can almost guarantee, you have been to many foreign sites and never even knew the difference.

This kind of blocking by cannot be done in the ZA.
It can however in the Privoxy or Webwasher Classic (which I both use together) or in the browsers themsleves such as Firefox (ad block addon) or Opera (built-in urlfiler.ini). It will have to done as wildcards....
for example:http://*.ru*http://*.ru.*http://*.ru.*.*
or even just using *.ru* and *.ru.* will probably work for you.

For further reading, Look into here, as the adfiltering methods can be adapted and both the Peer Guardian and Protowall (I use this and have about 2.5 billions IPs blocked off!) are mentioned, and a method of converting IP block lists into a useable .xml format for "adding" into the ZA backup .xml for fast/easy additions :

I probably have a few more on my desktop (in the laptop at the moment).

If you wish, I will post my protowall list for you. It can be used in either Peer Guardian or Protowall. This is the block list you exactly looking for - only Europe and N America and it has the bad sites from both blocked out. It is almost a year old and I yet still have not finished the updating of the file. But it is what you are looking for.

Re: Blocking non North American websites to increase security.

Hi Oldsod,

Thanks for your very informative post. Yes, please post your protowall list.
Since I only use the Firefox 3 browser, I will download the Firefox ad blocking addon you mentioned and try to convert your list
into the Firefox ad blocking addon's format.

Also, I have found ZA's expert firewall rules to be quite useful. In one rule, you can specify as many IP address ranges as you want to block (no limit).
Since all my home PC's have modern CPU's, the performance slowdown for using lengthly firewall rules might be not noticable.

Thanks for the links for additional reading - I'm looking into them so I can learn more on this topic.

Re: Blocking non North American websites to increase security.

My protowall list will not work directly in the FireFox and you will probably slow it down immensely - even with powerful cpu and mem. Any Firefox will too much added on becomes slow and bogged down.
Ditto for the ZA - there is a limit on the memory and files written and read and processed by any software.

Re: Blocking non North American websites to increase security.

Hi Oldsod,

Sorry for my delay in responding. I installed the open source Peer Guardian 2 (Version 2.0 Beta 6b).
I am trying to set up a block list that will effectively block any IP address / domain that is not in USA/Canada.
This should drastically increase the security of my PCs, as my view of the internet will no longer include the dangerous
domains of Asia and Eastern Europe.

If you have any tips on how to do this, or any blocking lists which you'd like to share, that would be helpful.

Also, do you see a need to install the closed source protowall, or would the open source Peer Guardian 2 be enough?

Re: Blocking non North American websites to increase security.

Hi Oldsod,

Thanks for the download link. Its blocked by the Proxy in my office, and at home McAfee Site advisor flags www.filefactory with a yellow danger rating. So you may want to be careful when you use that file server. I will try to download it later tonight.

Re: Blocking non North American websites to increase security.

Be careful what you describe from the site advisor as "risk".
Read what it exactly says and why it has the yellow alert!
Not just the generalizations and giving it the once over.
Look at exactly what the site advisor says:

No where does it say the site itself is malware, just the possible downloads have been seen to be malicious.
But then again what would expect from a file server when cracked and malicous software is rampant. Easy trick for a malware writer to give away the free software on a file host server and get victims. Please remember the file you will download is not an executible file of any kind. It is basically a text file with no code.

This is a link scan result of the exact link which you will use from filefactory.com:

Notice it is perfectly clean and has no malware of any kind in any of the web site files (html, js, etc) or in the file to be downloaded itself.

This is what my antivirus's web scanner will show if the site does have malicious files or is a phishing site. Please note the following image is not an indocation of malware from the given link to you but is simply an image of what my antivirus does. The point of this image is the filefactory.com site and the download link both passed my antivirus's web scan and was declared safe (detection rate of my antivirus is 99.8 percent).

The link and the site passes and is perfectly safe.
I do not give out risky links or bad files.
Not have I ever have before in the past.
Oldsod.

Re: Blocking non North American websites to increase security.

You are very welcome Bill!
A Thank you is one of the best rewards there is in life.
One of the nice aspects of Peer Guardian is that it merge the newer lists and remove any duplicates items and then creates a final and polished list. It should be a nice addition -almost finished a newer list (too much time involved).
Best regards.
Oldsod.